Firewalls vs Intrusion Detection Systems (IDS)

Unlike firewalls, IDS do not block traffic automatically.

In IB terms, IDS focus on detecting attacks after or during attempted access.

How IDS Work

IDS systems:

• Analyse traffic patterns
• Compare activity to known attack signatures
• Identify unusual behaviour

When a threat is detected:

• An alert is generated
• Administrators are notified

IDS provide visibility, not direct prevention.

Key Differences Between Firewalls and IDS

A strong IB comparison:

• Firewalls
  • Prevent unauthorised access
  • Enforce rules
  • Block traffic
• IDS
  • Detect suspicious activity
  • Monitor behaviour
  • Generate alerts

Firewalls act first.
IDS provide insight after or during attacks.

Prevention vs Detection

The core distinction is:

• Firewalls = prevention
• IDS = detection

Both are necessary for a complete security strategy.

Why Both Are Used Together

Using only firewalls:

• Some attacks may still get through

Using only IDS:

• Attacks are detected but not stopped

Together:

• Firewalls reduce attack surface
• IDS detect bypassed or internal threats

This layered approach is known as defence in depth.

Limitations of Firewalls

Firewalls:

• Cannot detect all attacks
• Cannot see encrypted traffic in detail
• Cannot detect insider threats easily

This is why additional monitoring is required.

Limitations of IDS

IDS:

• Do not automatically stop attacks
• Can produce false positives
• Require human response

They support decision-making rather than replacing it.

Common Student Mistakes

Students often:

• Say IDS block attacks
• Say firewalls detect attacks
• Ignore layered security
• Give vague comparisons

Clear functional distinction earns marks.

How This Appears in IB Exams

IB questions may ask students to:

• Compare firewalls and IDS
• Identify which tool fits a scenario
• Explain why both are needed
• Discuss limitations

Comparison and justification score highest.

Final Thoughts

Firewalls and intrusion detection systems protect networks in different ways. Firewalls prevent unauthorised access by blocking traffic, while IDS monitor systems to detect suspicious behaviour and alert administrators.

Understanding how these tools complement each other allows IB Computer Science students to explain layered security clearly and confidently — exactly what examiners expect.

Learn the differences between HDDs, SSDs, and NAS for IB Computer Science, including performance, cost, and use cases.